From: Cyril <tipecaml@gmail.com>
To: linux-newbie@vger.kernel.org
Subject: Linux 2.6.30 and the "init_cred" symbol
Date: Fri, 05 Mar 2010 04:54:37 +0100
Message-ID: <4B90807D.7000906@gmail.com>
Hello all!
I have recently become interested in understanding some recent exploits
written by Brad Spengler, and especially the one using a null-pointer
dereference in tun_chr_poll() (this exploit can be found here:
http://grsecurity.net/~spender/cheddar_bay.tgz).
After taking a look at his code, I decided to compile Linux 2.6.30, so I
could run the exploit and play with the code a little. I ended up
cloning the following repository
(http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.30.y.git;a=summary)
and doing a checkout of an older branch (in which the patch
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.30.y.git;a=commit;h=3f8fd3f9f677ce452556aca82473b7fcac370830
had not been applied). I compiled the kernel as a .deb package, and it
works perfectly on a virtual machine running Debian.
The problem is I can't get the exploit to run: to do so, I would need
to be able to resolve the address of the "init_cred" symbol. The fact is
that the following command does not return anything:
$ grep init_cred /proc/kallsyms
According to http://lwn.net/Articles/287091/, init_cred is "the set of
credentials used by the init process and by all kernel daemons", which
makes me think this symbol should be there. Do you think I did something
wrong when compiling the kernel, or is it normal not to find this
symbol on certain versions of Linux?
Thanks in advance!
Cyril Roelandt.
--
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs